SSRS 2016 Forms Authentication

SSRS 2016 comes with completely new report manager web interface and implementing form authentication extension for ssrs 2016 is little bit different from the earlier versions. In this article, all the necessary steps will be discussed for successful implementation of the custom security extension.

Compiling the Extension

First download the sample project from here and open it with the visual studio 2012. Unlike in earlier versions, here we implement IAuthenticationExtension2 interface which provides additional GetUserInfo method.

Setup the database by referring /Setup/CreateDatabase.txt and do the necessary changes for DB_HOST and DB_NAME fields in AuthenticationUtilities class. Add a reference to Microsoft.ReportingServices.Interfaces.dll which is located at \ReportServer\bin and try building the solution.

Configuring SSRS

Place the compiled FormAuth.dll to ReportServer/bin directory and Logon.aspx file to the ReportServer directory.

Modify the block in the rsreportserver.config as follows

<Authentication>
<AuthenticationTypes>
<Custom/>
</AuthenticationTypes>
<EnableAuthPersistence>true</EnableAuthPersistence>
<RSWindowsExtendedProtectionLevel>Off</RSWindowsExtendedProtectionLevel>
<RSWindowsExtendedProtectionScenario>Proxy</RSWindowsExtendedProtectionScenario>
</Authentication>

Replace <UI> section with,

<UI>
<CustomAuthenticationUI>
<UseSSL>False</UseSSL>
<PassThroughCookies>
<PassThroughCookie>sqlAuthCookie</PassThroughCookie>
</PassThroughCookies>
</CustomAuthenticationUI>
<ReportServerUrl> <report server url> </ReportServerUrl>
</UI>

Make following changes to the <Security> and <Authentication> sections as well,

<Security>
<Extension Name="Forms" Type="FormAuth.Authorization, FormAuth">
<Configuration>
<AdminConfiguration>
<UserName>admin</UserName>
</AdminConfiguration>
</Configuration>
</Extension>
</Security>
<Authentication>
<Extension Name="Forms" Type="FormAuth.AuthenticationExtension, FormAuth"/>
</Authentication>

Now open the rssrvpolicy.config file and insert following code just after the <CodeGroup></CodeGroup> block with Url=”$CodeGen$/*” attribute.

<CodeGroup class="UnionCodeGroup" version="1" Name="SecurityExtensionCodeGroup" Description="Code group for the sample security extension" PermissionSetName="FullTrust">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="<ssrs installation dir>\ReportServer\bin\FormAuth.dll"/>
</CodeGroup>

Please note that Url has to be the absolute path of the DLL.

Open up the web.config file inside ReportServer directory and change

<authentication mode="Windows" />
<identity impersonate="true" />

with

<authentication mode="Forms">
<forms loginUrl="Logon.aspx" name="sqlAuthCookie" timeout="60" path="/"></forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<identity impersonate="false" />

Insert <machineKey/> element inside the <system.web> element.

<machineKey
validationKey=""
decryptionKey=""
validation="AES" decryption="AES" />

You have to update validationKey and decryptionKey attributes properly. following online machine key generator can be used for this.

http://www.a2zmenu.com/utility/machine-key-generator.aspx

Note that validation and decryption algorithm has to be AES.

Now open the Microsoft.ReportingServices.Portal.WebHost.exe.config file inside RSWebApp directory. Create a <system.web></system.web>inside the and place the same machine key element, which you have used in ReportServer/web.config file,within the <system.web></system.web>

Finally restart the reporting service.

ssrs2016-form-authentication.

Attachment source for anonymous access, tested in SSRS 2016